Last updated: 9 July 2026
Linguin is operated by Surfy Ltd, a company registered in England and Wales (company number 15026168), registered office at 14-2e Docklands Business Centre, 10-16 Tiller Road, London, E14 8PX, United Kingdom. When this policy says we, it means Surfy Ltd.
Linguin is built to need as little of your data as possible. This page explains what we collect, why, and what happens to it.
Your email address. It is your account. You sign in with a one-time code sent to it, there are no passwords. We use it for sign-in codes and for replies you ask for, never for marketing lists.
Your content. Words you save, exercises, Talk conversations, and your learning progress are stored so the product works. They are private to your account.
Lookups. When you look up a word that isn't in the dictionary yet, the dictionary generates an entry for it. Entries are public, but they contain only the word and its description. Nothing about you or your account is attached to them.
Billing records. Payments are handled by Stripe. Card details go to Stripe directly and never touch our servers. We store the transaction history and a Stripe customer reference so your billing page can show your statement.
API usage. If you use the Linguin API, we store your keys hashed, and a log of your requests with their cost, so balance and reports work.
Technical logs. Standard server logs (IP address, browser type) are kept for security and troubleshooting. Visit counts are aggregated internally. We use no third-party analytics, no ad trackers, and no tracking pixels.
Text you submit for lookups, translations, and Talk is sent to the AI infrastructure we run on (currently Cerebras) to generate your answer. It is used to produce the result you asked for, nothing else.
We use no tracking cookies. Your browser's local storage keeps your session and settings on your device.
We never sell your data. It leaves our servers only to the processors named above (Stripe for payments, our AI infrastructure for generation, our email provider for sign-in codes), or if the law requires it.
Our servers are hosted by ReliableSite in the United States, in the New York metro area, so your data is stored there. UK GDPR still governs how we handle it, wherever it sits.
A family plan owner adds members by email. If a member is a minor, the owner confirms they are the parent or guardian and consents on their behalf.
Your data is kept while your account is active. Write to us on the contacts page to delete your account, and we will remove it along with your content. Billing records are kept as long as accounting law requires. Server logs are short-lived.
You can ask us what we hold about you, request a copy, correct it, or have it deleted. The contacts page is the way in for all of it. If you are unhappy with how we handled something, you can also complain to the UK Information Commissioner's Office at ico.org.uk.
When this policy changes, the new version appears here with a new date.